+1 Get Outlook for Android<https://aka.ms/ghei36>
________________________________ From: Cantor, Scott <canto...@osu.edu> Sent: Tuesday, July 16, 2019 10:19:07 AM To: dev@santuario.apache.org; cohei...@apache.org Subject: Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.1.4 On 7/16/19, 11:59 AM, "Colm O hEigeartaigh" <cohei...@apache.org> wrote: > This is a vote to release Apache Santuario - XML Security for Java 2.1.4. +1 Regarding the changes, is a decent summary of the places where there would be any use of the DocumentBuilder and any XML parsing by the library itself: - decrypting XML - particular Transform sequences that go from octet stream to DOM mid-transform ? My project is particular sensitive to the security considerations of ever allowing any other library to do XML parsing for obvious reasons. I wonder if there's a way we could inject our own via some kind of interface in a future version? Or would a patch for that be welcome? -- Scott
